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(57) Abstract: The client-server system 
disclosed herein is used to certify computer-gen- 
erated content (62), such as web pages. In 
operation, the client (6) generates content (62) 
and outputs information (64) corresponding 
thereto to the server. The server stores a set 
of rules that contains alternatives (54) for 
information (64) that may be included in 
the content (62), and determines whether the 
information (64) in the content (62) corresponds 
to at least one of the alternatives (54) contained 
in the set of rules. If the information (64) 
corresponds to at least one alternative (54), 
the server issues a certification confirming the 
validity of the content (62). 
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DYNAMIC CONTENT CERTIFICATION 

Cross Reference To Related Application 
5 U.S. Patent Application No. 09/248,370, filed 

February 8, 1999 and entitled "Content Certification" , is 
hereby incorporated by reference into the subject 
application as if set forth herein in full. 

Background of the Invention 

10 Field of the Invention 

The present invention is related to certifying 
computer-generated content, such as Web pages. 

Description of the Related Art 

Various systems currently exist for certifying the 

15 content of computer-generated data, such as Web pages. For 
example, U.S. Patent Application No. 09/248,370 describes a 
certification system that incorporates digital signatures 
into Web pages, and that maintains a record associating each 
Web page with a corresponding digital signature. To certify 

20 a Web page, the system compares the digital signature of a 
displayed Web page to that maintained in the record. If the 
two match, the Web page is certified; otherwise it is not. 

Java JAR is example of a certification system that 
uses lists and digital signatures. Briefly, Java JAR is 

25 directed to ensuring the integrity of information in 

"composite" files; that is, files which contain multiple 
components, each of which has its own guarantee of 
integrity. An example of composite is Web page 1 of Figure 
1 which may include image element 2, image element 4, and 

30 image element 5. The Java JAR system confirms that the 
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content is intact by comparing the content with a hash code 
generated therefrom by the sender and encrypted with a key 
to guarantee its authenticity. 

While systems like those above go a long way toward 
5 increasing the reliability of computer-generated content 
such as Web pages, there is still room for improvement. In 
particular, conventional certification systems are limited 
to certifying "static content", meaning content that is 
specified absolutely in a page. In this regard, it is also 
10 possible to specify content generically. In this case, a 
content specification is mapped into actual content on a 
server. The specification may be a URL which is dynamically 
interpreted based on user context (such as identity or 
location) , a piece of code executed on the server, a 
15 construct such as an HTML form, a piece of code executed on 
a browser, or a database query executed on the server. 

Some content, such as Web pages, is only specified 
generically. For example, a dynamic Web page is comprised 
of static and, possibly, dynamic elements. The Web page is 
20 dynamic if at least some of the static elements can be 

substituted for one another. A common example of a dynamic 
Web page is a page that "builds" an automobile in response 
to user selection of features such as model, year, color, 
etc., and that displays an image of the resulting automobile 
25 together with its price. In this example, different 

alternatives may be displayed on the same page depending on 
the user's selection of features. 

Because the information contained in dynamic 
content, such as Web pages, databases, etc., can be changed, 
30 conventional certification systems are unable to certify 
such content. Accordingly, there exists a need for a 
certification system that is capable of certifying dynamic 
content . 
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Summary of the Invention 
The present invention addresses the foregoing needs. 
Specifically, the invention is a system that certifies 
dynamical ly-genera ted content such as interactive Web pages. 
5 To this end, the invention stores a set of rules containing 
alternatives as to what information may be included in the 
content. For example, in the case of the automobile Web 
page noted above, the alternatives contained in the set of 
rules may correspond to models that are available from a 

10 particular manufacturer. Hence, the alternatives may 
indicate that information corresponding to those models 
(e.g, their images) may be included in the Web page. 

When invoked at any point in the assembly process, 
the invention determines whether each element of information 

15 for which certification is required obeys the rules 

specified for it, and what the certification result for the 
element is. The certification result for content, such as a 
Web page, is then determined based on additional rules 
involving the certification results of the elements and the 

20 context of the page. All rules can take into consideration 
information from their context. This context includes the 
identity, authorization and location of the user, the date, 
parameters which may have been set by the user or by an 
authorized person or process on the server, or any other 

25 information that can be exposed programmatically as 

property. In one aspect, the certification process can be 
recursive. That is, the individual elements may have groups 
of rules for themselves and any of their subsidiary 
elements. This increases the utility of the system by 

30 allowing complex structures to be built. 

Plural (e.g., two or more) levels of certification 
are provided in preferred embodiments of the invention. For 
example, different levels of certification may be provided 

- 3 - 
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for different alternatives, e.g., "high" indicating a high 
degree of reliability, "medium" indicating a relatively 
lower degree of reliability, and "low" indicating a low 
degree of reliability. Thus, the level of certification of 
5 particular content depends on which alternatives match the 
elements of information contained therein. 

The invention is preferably implemented using a 
client-server architecture. Specifically, the client 
requests content (e.g., a Web page), and the server 

10 assembles information contained in the requested content and 
processes the information in the manner described above to 
determine whether or not to certify the content. 

Thus, according to one aspect, the present invention 
is a system for certifying computer-generated content. The 

15 system includes a client which outputs information 

corresponding to the content. A server stores a set of 
rules that contains alternatives for information that may be 
included in the content, and determines whether the 
information from the content corresponds to at least one of 

20 the alternatives contained in the set of rules. The server 
issues a certification confirming the validity of the 
content in a case that the information corresponds to at 
least one alternative. 

In preferred embodiments, the invention incorporates 

25 one or more of the following features/functions: The client 
requests content with dynamic components or engages in a 
dynamic interaction such as a form response or query. The 
determining performed by the server determines whether the 
result obeys its certification requirements. The 

30 determining performed by the server determines whether the 
plural elements of information correspond to the 
alternatives. The client includes a user interface, and the 
content is generated on the client in accordance with 

- 4 - 



WO 02/078259 



PCMJS01/09581 



information input via the user interface. The content 
comprises a Web page. The alternatives in the set of rules 
apply to programs that may be executed via the content. The 
alternatives in the set of rules apply to individual objects 
5 such as images which may be incorporated into the content. 
The client (i) displays the content, and (ii) displays a 
certification along with the content, the certification 
indicating that the content has been certified. The content 
is not certified in a case that the information therein does 
10 not correspond to at least one alternative. Either the 
server outputs the message to the client and the client 
displays the message to the user or, if the server is 
working cooperatively with an assembly engine, it may output 
the message to the assembly engine. The client may display 
15 the content together with the message. Certification 
results may correspond to a plurality of certification 
levels and the issuing performed by the server certifies the 
information in the content at one of the plurality of 
certification levels based on a result of execution of rules 
20 for the content. The plurality of certification levels 
include "high" indicating a high degree of reliability, 
"medium" indicating a relatively lower degree of 
reliability, and "low" indicating a low degree of 
reliability. The client displays the content, and the 
25 determining performed by the server can be performed either 
before, during or after the content is assembled. 

Advantages of the invention in addition to those set 
forth above will become apparent in view of the following 
description, including the figures, and the claims. 
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Brief Description of the Drawings 
Figure 1 shows a composite Web page. 
Figure 2 shows a network syst era on which the 
certification process may be implemented. 
5 Figure 3 shows the graphical user interface of a Web 

browser that may be used with the certification process. 

Figure 4 shows a dynamic Web page that can be 
certified by the certification process. 

Figure 5 shows process steps for certifying a 
10 dynamic Web page. 

Figure 6 shows an example of a manifest used by the 
certification process to certify a dynamic Web page. 

Figure 7 shows a Web page that can be used to 
initiate certification of individual static elements of a 
15 dynamic Web page. 

Figure 8 shows the process o£ certifying individual 
static elements of a dynamic Web page. 

Figure 9 shows a client retrieving a dynamic Web 
page from a Web server. 
20 Figure 10 shows providing user input to a Web 

server . 

Figure 11 shows requesting certification of a 
dynamic Web page. 

Figure 12 shows process steps for certifying the 
25 content of dynamic Web pages and ottmer dynamically-generated 
content. 

Figure 13 shows issuing a certification message 
relating to a certification of a dynamic Web page. 

Figure 14 shows a certificate that may be issued for 
30 certified Web pages. 

Figure .15 shows process step* for organizing Web 
pages (or other content) into zones _ 

- 6 - 
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Figure 16 shows an example of a manifest used to 
organize content into zones. 

Figure 17 is an abstract view of Web pages on a Web 
site organized into zones. 

5 Description of the Preferred Embodiments 

The following description of the preferred 
embodiments of the invention relates to Web pages. It is 
noted up front, however , that the invention is not limited 
to use with Web pages. Rather, all aspects of the invention 

10 can be used with any computer-generated content including, 
but not limited to, rows in a database, an entire database, 
computer -generated queries, documents, and the like. 

The present invention is preferably implemented 
using a client-server architecture, such as that shown in 

15 Figure 2. This architecture includes client 6, 

certification server 7, and Web server 9 connected via 
network 10. Network 10 may comprise any type of network or 
communications medium, including, but not limited to, one or 
more of the following: the Internet, a local area network 

20 ("LAN"), a wide area network ("WAN"), a wireless (e.g., ATM) 
network, a logical network within a single computer, some 
other form of programmatic communication such as inter- 
process communications or dynamic link libraries, or any 
combination thereof. 

25 Client 6 is preferably a personal computer ("PC") or 

similar data processing device. Client 6 includes network 
interface 11 for interfacing to network 10, display screen 
12 for displaying information to a user, keyboard 14 for 
inputting text and user commands, mouse 15 for positioning a 

30 cursor on display screen 12 and for inputting user commands, 
disk drive 16 for reading from and writing to floppy disks 
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installed therein, and CD-ROM drive 17 for accessing data 
stored on CD-ROM. 

Close-up view 18 shows the internal structure of 
client 6. Client 6 includes memory 19 which is a computer- 
5 readable medium, such as a computer hard disk, for storing 
information. In the preferred embodiment memory 19 stores 
operating system 20, applications 21, and data 22. 
Microsoft™ Windows98 ni is a one operating system that may be 
used with the invention; however, the invention is not 
10 limited to use therewith. 

Applications 21 include Web browser 24, among 
others. An example of a Web browser that may be used with 
the invention is Netscape™ Navigator™. Web browser 24 
displays a graphical user interface ( M GUI M ) to a user, 
15 through which the user may access information via the 

Internet (e.g., Web sites, individual Web pages, etc.). An 
example of such a GUI is shown in Figure 3'. 

Client 6 also includes display interface 26, 
keyboard interface 27, mouse interface 29, disk drive 
20 interface 30, CD-ROM drive interface 31, computer bus 32, 

RAM 34, and processor 35. Processor 35 preferably comprises 
a microprocessor or the like for executing applications, 
such as those noted above, out of RAM 34. Such 
applications, including browser 24, may be stored in memory 
25 19 as noted above or, alternatively, on a floppy disk in 

disk drive 16 or CD-ROM in CD-ROM drive 17. In this regard, 
processor 35 accesses applications and data stored on floppy 
disk via disk drive interface 30 and accesses applications 
and data stored on CD-ROM via CD-ROM interface 31. 
30 Web server 9 may comprise a computer having features 

similar to client 6 for providing remote access to the Web 
site of an organization. Web server 9 is connected to other 
computers (not shown) in the organization via LAN 36 (or 
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network 10) . Web server 9 is also connected to 
certification server 7 via network 10 or other medium. 

Web server likewise includes a processor 23 and a 
memory 28, among other things, as shown in close-up view 13. 
5 Stored in this memory is assembly engine 25 and Web page 
elements 33. Assembly engine 25 is a program that is 
executed by processor 23 to assemble Web pages. More 
specifically, a single Web page may be composed of a 
plurality of static and dynamic elements, such as images, 
10 applets, text, sound, other Web pages, etc. In response to 
requests received from client 6, assembly engine 25 
retrieves those elements (e.g., from memory 28) and combines 
them in a predetermined manner so as to form the Web page. 
Representative examples of commercially-available assembly 
15 engines that may be used in connection with the present 
invention include ATG Dynamo, Servlets, JSP and ASP 

Certification server 7 likewise preferably comprises 
a computer having features similar to client 6. As shown in 
close-up view 38, certification server 7 includes, among 
20 other things, memory 39 for storing both applications and 
certification information 48 which includes the manifests 
described below. Memory 39 may include one or more memory 
devices, such as a computer hard disk, redundant array of 
inexpensive disks ("RAID"), optical disk drive, and the 
25 like. Processor 40 is also included on certification server 
7 so as to execute applications stored in memory 39 and to 
provide the resulting output to the network. 

Among the applications stored in memory 39 is 
certification engine 41. Certification engine 41 comprises 
30 computer-executable code that runs on certification server 7 
to certify Web. pages and other dynamic pages based on their 
content and/or certification information stored in their 
elements. Certification engine 41 also organizes sets of 
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Web pages into plural zones based on their levels of 
certification, the type of information contained therein, or 
the like, as described in more detail below. 

It is noted that certification server 7 and Web 
5 server 9 may be one in the same; however, since this is not 
a requirement, the more general case of separate Web and 
certification servers is depicted in Figure 2. For that 
matter, the invention may also be implemented, in its 
entirety, on a single computer. That is, the functions of 
10 client 6, certification server 7 and Web server 9 (or its 
equivalent) may be implemented on a single computer. 

Dynamic Content Certification 

Figures 4 to 14 depict the operation of 
certification engine 41 in the context of certifying 

15 dynamically-generated (or simply !, dynamic M ) Web pages. At 
this point, it is repeated that although this embodiment of 
the invention is described with respect to Web pages, the 
invention is not limited to use with Web pages and can be 
used to certify any computer-generated content. 

20 As described in the M Background " , a Web page is 

dynamic if any of its contents is specified generically or 
generated programmatically or by query or in any other 
situation where the content is not specified uniquely and 
immutably a priori. That is, many Web pages are composites, 

25 meaning that they are composed of plural elements such as 
images, applets, text, sound, etc. Each individual element 
may be static if all of its components are specified 
uniquely and immutably a priori; however, the Web page 
itself is still dynamic if the specification of the elements 

30 within the page are not so specified. It is also possible 
for the elements themselves to be dynamic because of their 
components or because they are programs or queries. The 
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WO 02/078259 



PCT/US01/09581 



resolution of these dynamic objects to static objects 
generally occurs in the assembly engine, but it is also 
possible for this process to occur in the browser (e.g., 
with JavaScript) . In this regard, there is no reason, in 
5 principle, why some or all of the functions of the 

certification server could not take place in the client 
given the necessary integration with the browser. 

By way of example, Figure 4 shows a hypothetical Web 
page 42 displayed by browser 24. Web page 42 "builds" an 
10 automobile based on user-selected features such as model, 
year, color, stereo, etc. That is, Web server 9 stores, in 
a manifest for Web page 42, plural alternatives for text 
element 43 and image elements 44 and 45. A user selects 
which features 46 are to be included in the automobile, and 
15 a program or applet resident on Web page 43 determines which 
of the text and images stored on Web server 9 should be 
displayed as elements 43, 44 and 45 based on the selected 
features. Browser 24 then transmits this information to Web 
server 9, where assembly engine 25 retrieves the appropriate 
20 text and images from memory 28 (or, more generally, any 

database on which they reside) and assembles them into Web 
page 42. Though text and images are depicted in Figure 4, 
the alternatives are not limited to these; that is, the 
alternatives may include sound, applets or any other type of 
25 information that can be incorporated into a Web page. 

Figure 5 shows process steps for certifying a 
dynamic Web page. Though the process steps of Figure 5 are 
directed to certification of a Web page, once armed with the 
disclosure herein, one of ordinary skill in the art could 
30 easily use these steps to certify any type of computer- 
generated dynamic content. 

The process of Figure 5 begins in step S501 by 
defining a manifest for the Web page. The manifest is 
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generally defined by the administrator of the Web site on 
which the Web page resides and provided to certification 
server 7 where it is indexed to the URL of the Web page and 
stored in memory. The manifest includes a set of rules that 
5 specify information to be included on the Web page. In the 
present invention, the set of rules includes alternatives 
for information that may be included on the Web page, though 
they may specify required information as well. 

An example of a manifest 47 for Web page 42 is shown 

10 in Figure 6. As shown, manifest 47 includes a rule 49 
requiring display of an automobile image, which defines 
alternatives 54 (e.g., an image of a convertible, an image 
of a 4-wheel drive vehicle, etc.). It also includes a rule 
55 requiring validation of the certification results. This 

15 may be done in accordance with a program or applet on the 
Web page. 

Certification information for the rules is provided 
in step S502 (which may be performed before or after step 
S501) . That is, step S502 confirms that each alternative 

20 element (e.g., image, applet, etc.) that could be included 
on the Web page is certified. For Web page 42, this means 
confirming that each image element 44 and 45, and any other 
information that Web page 42 may include, is certified. In 
the preferred embodiment of the invention, the certification 

25 of static elements in step S502 is performed by 

certification engine 41 in accordance with the process 
described in U.S, Patent Application Mo. 09/248,370. A 
brief description of this process is as follows. 

Figure 7 shows a password protected Web page 57 for 

30 requesting certification of an element. On Web page 57, an 
element, such as an image, is submitted for certification 
simply by dragging and dropping it onto one or more of 
defined certification controls 59 and 60. The certification 
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control that receives the element prepares and transmits a 
certification request to certification server 7 specifying 
the content of the element and the certification desired. 
As shown in Figure 8, a certification request 61 
5 includes content 62 of the element submitted for 

certification, together with other information 64 such as 
the certification desired (e.g., site-wide certification, 
legal department certification, etc.), the author{s) of the 
element, and a uniform resource locator ( "URL* ) that 
10 specifies a Web page on which the element is to be located. 
Request 61 may also include information such as an element 
revision number, content keywords, title, etc. 

Certification server 7 processes the received 
certification requests by distributing content 62 to those 
15 in an organization that could potentially provide approval 
for certification. For example, certification server 7 may 
distribute the content to all members of the organization's 
legal department when a request is made for legal department 
certification. Workflow software, E-mail daemons, and other 
20 techniques, executing on computers other than the 
certification server, can alternatively be used to 
distribute the content for certification. 

As shown in Figure 8, after an individual 65 
receives and reviews the content, the individual can notify 
25 certification server 7 of his approval by sending a 

certification message 66. Certification message 66 can 
include the content and the other information included in 
the certification request. This message can also include 
information 67 that describes the individual transmitting 
30 the certification message, the type of certification granted 
(e.g., an individual may have the capacity to certify 
content for both the marketing and legal departments of the 
organization), and a level of approval (e.g., "for internal 
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use only" or "for publication on the Internet") . 
Additionally, the certification message may include a 
digital signature 68 belonging to the individual submitting 
the certification message and information to confirm the 
5 digital signature (e.g., X.509), or it may include 
information used by other authentication techniques. 

Certification engine 41 processes received 
certification messages in accordance with certifying 
instructions. These instructions may be embedded in 

10 certification engine 41 or retrieved thereby. In one 

embodiment of the invention, these certifying instructions 
authenticate a certification message to ensure that an 
individual claiming to have approved the submitted content 
was, in fact, the one who produced certification message 66. 

15 After authentication, the certifying instructions can 

determine whether certification message 66 satisfies the 
criteria for the certification requested. For example, the 
certifying instructions can determine whether certification 
message 66, alone or in combination with previously- received 

20 certification messages, is sufficient to obtain legal 
department certification. 

If the received certification message 66 does not 
satisfy the requisite certification criteria, the certifying 
instructions can store the received certification and await 

25 further certification messages. The process may store a 

hash for submitted content awaiting further certification to 
ensure that subsequent certification is for the same content 
as the certification already received. The process can also 
attempt to certify any links or other objects referenced by 

30 the content. 

If certification message 66 satisfies the requisite 
certification criteria, the certifying instructions 
determine verification information from the certified 
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content or other information provided. In this regard, 
verification information includes data that identifies the 
certified content such as a URL, compressed or uncompressed 
portions of the content, and/or an assigned identification 
5 number. The verification information may also include one 
or more hash keys (e.g., an MD5 hash and an SHA hash) . A 
hash key is produced by a one-way function and typically 
requires little storage space (e.g., 160-bits) , and is 
nearly guaranteed to be unique for given content. 
10 After storing the content's certification and 

verification information, e.g., in memory 39, the certifying 
instructions can produce a digital signature (e.g., a W3C 
DSig (Digital Signature Group) compliant signature) for 
content 62. This digital signature can include computed 
15 hash, the content's URL, or any other verification or 
certification information (not shown) . 

Once the digital signature has been generated, the 
certifying instructions determine whether content 62 can be 
dynamically modified to include the digital signature. For 
20 example, HTML and XML permit dynamic insertion of digital 

signatures into the content (e.g., as header information or 
as a newly defined tag) . Inclusion of the digital signature 
in content 62 ensures that the digital signature travels 
with the content. Thereafter, certified content 69, 
25 including the digital signature, is transmitted back to Web 
server 9, as shown in Figure 8. 

Returning to Figure 5, following step S502 
processing proceeds to step S503 . In this regard, any page, 
even an initial page, may be subject to the certification 
30 process of the present invention. Thus steps S503 and S504 
are not necessary, since any attempt to retrieve a page may 
start at step S505. Nevertheless, for illustration's sake, 
steps S503 and S504 are included in the process. 
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In step S503, a user logs onto client 6, executes 
browser 24, and requests a Web page from Web server 9. In 
response to this request, Web server 9 transmits a Web page, 
such as that shown in Figure 4, to client 6. There, the Web 
5 page is displayed. This process is depicted graphically in 
Figure 9. At this point, it is noted that the invention 
does not require a user to have an initial page into which 
to put initial information. Any interaction with the user 
supplies at least authentication information and perhaps 

10 information from "cookies' 1 . 

Next, in step S504 / the user inputs information into 
the Web page. For example, in the case of Web page 42, the 
user may select options for building an automobile. Browser 
24 transmits these user-selected options (i.e., the user 

15 input) to Web server 9, as shown in Figure 10. There, 

assembly engine 25 determines which elements (e.g., images, 
text, applets , sound, etc.) are to be included on the Web 
page. Assembly engine 25 then retrieves the appropriate 
elements from memory 28 (or any other database on which they 

20 reside) , and assembles the Web page therefrom. 

Certification of the Web page may take place before, during 
or after this process. 

More specifically, each element on the Web page may 
be certified prior to assembly, as described above with 

25 respect to Figure 8 and in U.S. Patent Application No. 

09/248,370. Alternatively, each element may be certified as 
part of the Web page on an ad hoc basis, i.e., during 
assembly. As still another alternative, certification may 
take place following assembly of the Web page. With 

30 reference to Figure 6, pre-assenibly rules 90 control 

certification prior to assembly, during- assembly rules 91 
control certification during assembly, and post-assembly 
rules 92 control certification post assembly. As shown, 
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each of these includes prologue rules, body rules, and 
epilogue rules, which can specify an order of execution for 
the rules. 

Assuming that certification .takes place following 
5 assembly of the Web page, in step S506 assembly engine 25 
extracts identification and certification information from 
each element of the Web page. For example, it extracts the 
URL of the Web page, the digital signature and/or content of 
each element (e.g., elements 43, 44 and 45 in Figure 4) in 
10 the Web page, an identification number of each element, etc. 

Next, in step S507, assembly engine 25 issues a 
request to certification server 7. This is depicted 
graphically in Figure 11. The request can be encrypted for 
security purposes, and includes the information extracted in 
15 step S506, together with a request for certification of the 
Web page. 

Thereafter, step S508 determines whether the Web 
page is certified, meaning that the information contained 
therein is valid. In the present embodiment, the 

20 certification process is performed in certification server 7 
by certification engine 41. As noted above, however, in 
other embodiments of the invention, the Web server and 
certification server functions may be implemented on the 
same computer, in which case the certification process would 

25 take place on that single computer. 

Figure 12 depicts the certification process. To 
begin, in step S1201, certification server 7 receives the 
request for certification from assembly engine 25 on Web 
server 9. Based on this request, and the information 

30 contained therein, certification engine 41 determines 

whether the information in the Web page complies with the 
set of rules stored therefor. To this end, certification 
engine 41 determines whether each of the elements that make 
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up the Web page corresponds to at least one of the 
alternatives contained in the manifest for that Web page. 
This is done in step S1202, e.g., by comparing an assigned 
identification number or hash for each element to those 
5 contained in the manifest. 

For each static element that corresponds to an 
alternative in the manifest, in step S1203 certification 
engine 41 also determines whether that element is certified. 
This is done, e.g., by comparing one or more of the digital 

10 signature, content, etc. for that element to corresponding 
verification information therefor. If there is a match, 
then that individual element is considered certified. 
Alternatively, certification information can be included in 
the manifest, in which case the manifest can be consulted to 

15 determine whether each element is certified. 

Finally, for each dynamic element that corresponds 
to an alternative in the manifest, in step S1204 
certification engine 41 also determines whether that element 
is certified. Each such element includes a manifest, and a 

20 requisite rule or rules are executed for that element. The 
results of these executions are certified by subsequent 
rules to see what form of certification is required for the 
entire Web page. This process is similar to that described 
above . 

25 Thus, following step S1204 if the Web page complies 

with the manifest stored on certification server 7, i.e., if 
each of its elements complies with a rule on the manifest 
and is certified, then the entire Web page is considered 
certified. Otherwise, it is not . In this regard, the 

30 certification of the entire page depends upon the epilogue 
rules working on the certification results of the prologue 
and the body. In the absence of any explicit global 



- 18 



WO 02/078259 PCT/USO 1/09581 



certification rules, rules from a zone or site manifest 
(described below) may be used. 

In preferred embodiments, the invention provides for 
several different levels of certification. For example, 
5 three such levels may be provided, including "high" (or 
"platinum") indicating that the information is highly 
reliable, "medium" (or "gold") indicating a relatively lower 
degree of reliability, and "low" ("silver" or "bronze") 
indicating a still lower degree of reliability. Though only 

10 three levels of certification are described here, the 

invention is not limited to three. Rather, any number of 
certification levels may be used. The level of 
certification for each alternative in a Web page manifest is 
preferably stored in the rule for that alternative. 

15 Accordingly, returning to Figure 5, if the Web page 

is certified in step S508, in step S509 certification engine 
41 may extract a level of certification (not shown) for each 
element in the Web page using the manifest. Of course, if 
only one level of certification is provided, then that level 

20 will be extracted in step S509. Based on the level of 

certification of each element, a level of certification for 
the entire Web page can be determined. Generally, the level 
of certification of the entire Web page will correspond to 
the lowest level of certification of an element on that Web 

25 page. However, other methods of determining the 

certification level of the entire Web page may also be used 
with the invention. 

Following step S509, processing proceeds to step 
S510. In step S510, certification engine 41 issues a 

30 message 74 to assembly engine 25. This is depicted 

graphically in. Figure 13. In this case, i.e., where the Web 
page has been certified, the message indicates that the Web 
page has been certified. The message may also include a 
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certificate that is transmitted to the user and displayed 
along with the Web page, as shown in Figure 13. An example 
of such a certificate 78 is shown in Figure 14. Where more 
than one level of certification is provided, the message 
5 and/or certificate may also indicate the level of 

certification for the Web page. Following step S510, 
processing ends. 

Returning to step S508, in a case that the Web page 
has not been certified, message 74 is still output by 

10 certification engine 4i in step S511. This time, however, 
the message indicates that the Web page has not been 
certified. The message may then be transmitted from Web 
server 9 to client 6 and/or to the Web site administrator. 
In a case that the message is provided to the site 

15 administrator, it may include instructions indicating 

exactly which portions of the Web page were not certified 
and why. In step S512, this message indicating that the Web 
page is not certified may be transmitted to the client, 
where it is displayed. The Web site content may or may not 

20 be transmitted and displayed therewith, depending upon how 
the system is configured. Following step S512, the 
certification process ends. 

In alternative embodiments of the invention, partial 
certification of a Web page may be provided. More 

25 specifically, to certify the contents of a Web page in 

accordance with the process shown in Figure 5, each element 
thereof must correspond to one alternative in the Web page 
manifest. If one element is not found on the manifest, the 
Web page will not be certified. In alternative embodiments, 

30 however, partial certification of a Web page may be provided 
if at least one element on the Web page corresponds to at 
least one alternative in the manifest for that Web page. In 
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the case of partial certification, the output message and/or 
certificate would be changed accordingly. 

Defining Content Zones 

This aspect of the system builds on the concept of 
5 different certification levels introduced above. Although 
this embodiment is described in the context of Web pages, 
the invention can be used with any computer-generated 
content. In this embodiment, certification engine 41 
organizes individual Web pages on a Web site into zones. 

10 Which zone a particular Web page is in depends upon the 
rules stored in a manifest for that zone. For example, 
which zone a Web page is located in may depend upon a level 
of certification of that Web page. In this example, the 
level of certification of dynamic Web pages may be 

15 determined in the manner described above. However, since 
this aspect is not limited to use with dynamic Web pages, 
certification can be achieved using any method. 

Figure 15 shows process steps for implementing this 
aspect of the system. These process steps may be executed 

20 to define a single zone. Other zones may be defined in the 
same manner. The process of Figure 15 may be implemented on 
certification server 7 in certification engine 41 or, 
alternatively, on a similar program executing on Web server 
9. Step S1501 begins the process. 

25 More specifically, step S1501 stores a manifest 

containing one or more rules that define which pages may be 
included in the zone. As above, these rules may be defined 
and input by the administrator of a Web site. The rules may 
include a variety of factors. For example, the rules may 

30 define a specific level of certification required for Web 

pages in the zone, a "type" of Web page that may be included 
in the zone (e.g., products as defined by a URL such as 
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"www. NovaSoft.com/products" or other means), and the like. 
Additional rules may also be provided to further 
differentiate the zones. For example, if a zone specifies 
"products for sale", a rule may be included in the manifest 
5 to specify that only products having a release date "less 
than or equal to today" may be included in the zone. Figure 
16 depicts an example of a "products for sale" manifest that 
may be used by the present invention to define such a zone. 
Once a set of rules has been defined for the zone, 

10 certification engine 41 examines the content of Web pages in 
the Web site in order to determine which of those Web pages 
belong in the current zone. In this regard, a single Web 
page may be included in more than one zone; however, for the 
sake of clarity, the present description will assume that 

15 each Web page is included in only one zone. 

Step S1502 thus selects each Web page, e.g., by its 
URL, and then step S1503 determines whether that page 
complies with the rules set forth in the zone manifest. For 
example, step S1503 may determine the certification level of 

20 the Web page by examining its certification information, as 
well as any other information required for the zone. That 
is, step S1503 may determine whether the Web page is related 
to a product by examining the page's URL, and whether the 
product has been released as of "today" by examining the 

25 content of the Web page. Other information may also need to 
be examined depending upon the number and type of rules 
specified in the zone manifest. 

In the case that a Web page complies with the rules 
in the zone's manifest, step S1503 concludes that the Web 

30 page belongs in the current zone. Accordingly, processing 
proceeds to step S1504. Step S1504 associates each 
complying page with the current zone. This can be done in a 
number of ways. For example, step S1504 may incorporate, 
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into a manifest of each complying Web page, a rule 
indicating that the Web page is part of the current zone. 
Instead of, or in addition to, incorporating a rule into the 
Web page's manifest, step S1504 may incorporate into the 
5 zone manifest one or more rules indicating which Web pages 
are part of the zone. For example, the URLs of Web pages 
included in a zone may be included in that zone's manifest. 

Following step S1504, or in a case that a Web page 
does not comply with the rules of the current zone, 
10 processing proceeds to step S1505. Step S1505 determines 
whether any unexamined Web pages remain in the site. If 
there are such pages, processing returns to step S1502, 
whereafter steps S1503 to S1505 are repeated for the 
remaining images. Otherwise, processing for the current 
15 zone ends. However, other zones may be defined, as desired. 

Figure 17 shows an abstract view of a Web site that 
has been divided into three zones --a "products for sale" 
zone 80, an "unsupported tools" zone 81, and a "personal 
opinions" zone 82. In this example, all Web pages 84 in the 
20 "products for sale" zone have a "high" certification level 

(e.g., the information in those pages is guaranteed accurate 
by the site owner) ; all Web pages in the "unsupported tools" 
zone have a "medium" certification level (e.g., the 
information in those pages is deemed useful by the site 
25 owner, but its accuracy is not guaranteed) ; and all Web 
pages in the "personal opinion" zone have a "low" 
certification level (e.g., the site owner has no opinion 
concerning the accuracy of the information on those pages) . 
By virtue of this setup, a user is able to determine, simply 
30 by what zone of the Web site the user is in, the reliability 
of the information contained therein. 

In this regard, Web pages in a particular zone may 
contain visible certification (or other "type") indicators. 
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Accordingly, a user can determine in which zone a Web page 
is located simply by looking at the indicator. In cases 
where the Web server and certification server are one in the 
same, certification engine 41 may simply incorporate the 
5 appropriate certification indicators into the appropriate 
Web pages. Where the two servers are different, 
certification server 7 may provide the certification 
indicators to Web server 9, which may then incorporate them 
into the Web pages for the site. 

10 In preferred embodiments, the invention also 

maintains a record of movement between zones. That is, each 
time a user enters a new URL via browser 24, there is the 
potential of movement to a different zone. Each time the 
user enters a new zone, Web server 9 and/or certification 

15 server 7 may issue a message to the user to that effect. 
One or both of these servers may maintain a record of URLs 
and corresponding zones visited by the user during a 
predetermined period of time. 

In addition to defining manifests for individual 

20 pages and zones, the present invention also can be used to 
define a manifest for an entire Web site. The manifest for 
a Web site would be similar to that shown in Figure 16 for a 
zone. Accordingly, a detailed description thereof is 
omitted here for the sake of brevity. Suffice it to say, 

25 that rules for a site manifest may be based on 

certification, as described above, or any other relevant 
information. Only Web pages and zones that comply with the 
site manifest may be included in that site. Moreover, a 
site-wide certification, similar to that described above for 

30 zones can be provided for sites. 

Finally, it is noted that the invention is not 
limited to use in the exact manner set forth herein. For 
example, the process steps of Figures 5, 12 and 15 need not 
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be executed in the exact order shown, so long as the 
functionality of the system is maintained. Also, the 
invention is not limited to use with the hardware described 
herein, or to use with the types of images described above. 
5 In this regard, the present invention has been 

described with respect to particular illustrative 
embodiments. It is to be understood that the invention is 
not limited to the above -described embodiments and 
modifications thereto, and that various changes and/or 
10 modifications are within the scope of the appended claims. 
What is claimed is: 



- 25 - 



WO 02/078259 



PCT/USO 1/09581 



I 



1 1. A method of certifying computer-generated 

2 content, the method comprising: 

3 storing a set of rules that contains alternatives 

4 for information that may be included in the content; 

5 determining whether information in the content 

6 corresponds to at least one of the alternatives contained in 

7 the set of rules; and 

8 issuing a certification confirming the validity of 

9 the content in a case that the information corresponds to at 
10 least one alternative. 

1 2. A method according to claim 1, wherein the 

2 content is generated dynamically from plural elements of 

3 information. 

1 3. A method according to claim 2, wherein the 

2 determining comprises determining whether the plural 

3 elements of information correspond to the alternatives. 

1 4. A method according to claim 3, wherein the set 

2 of rules is stored on a central server and the content is 

3 generated based on a user input to a client of the central 

4 server. 

1 5. A method according to claim 4, wherein the 

2 content comprises a Web page; and 

3 wherein the elements of information are obtained in 

4 response to user inputs on the Web page. 

1 6. A method according to claim 1, wherein the 

2 alternatives in the set of rules include programs that may 

3 be executed via the content. 
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1 7. A method according to claim 1, wherein the 

2 alternatives in the set of rules include individual images 

3 that may be incorporated into the content. 

1 8. A method according to claim 1, further 

2 comprising: 

3 displaying the content; and 

4 displaying a certification along with the content, 

5 the certification indicating that the content has been 

6 certified. 

1 9. A method according to claim 1, wherein the 

2 information in the content is not certified in a case that 

3 the information therein does not correspond to at least one 

4 alternative. 

1 10. A method according to claim 9, further 

2 comprising, in a case that the content has not been 

3 certified, outputting a message indicating that the content 

4 has not been certified. 

1 11. A method according to claim 10, further 

2 comprising displaying the message to a user. 

1 12. A method according to claim 11, further 

2 comprising displaying the content together with the message. 

1 13. A method according to claim 1, wherein each 

2 alternative in the set of rules corresponds to one of a 

3 plurality of certification levels; and 

4 wherein the issuing comprises certifying the 

5 information in the content at one of the plurality of 
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6 certification levels based on to which of the alternatives 

7 the information in the content corresponds. 



1 14. A method according to claim 13, wherein the 

2 plurality of certification levels include "high" indicating 

3 a high degree of reliability, "medium" indicating a 

4 relatively lower degree of reliability, and "low" indicating 

5 a low degree of reliability. 

1 15. A method according to claim 1, further 

2 comprising assembling the content; 

3 wherein determining can be performed either before, 

4 during or after the assembling. 

1 16. A system for certifying computer-generated 

2 content, the system comprising: 

3 a client which outputs information corresponding to 

4 the content; and 

5 a server which (i) stores a set of rules that 



6 contains alternatives for information that may be included 

7 in the content, (ii) determines whether the information from 

8 the content corresponds to at least one of the alternatives 

9 contained in the set of rules, and (iii) issues a 

10 certification confirming the validity of the content in a 

11 case that the information corresponds to at least one 

12 alternative. 



1 17. A system according to claim 16, wherein the 

2 client generates the content dynamically using plural 

3 elements of information. 

1 18. A system according to claim 17, wherein the 

2 determining performed by the server determines whether the 
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3 plural elements of information correspond to the 

4 alternatives. 

1 19. A system according to claim 18, wherein the 

2 client includes a user interface, and the content is 

3 generated in accordance with information input via the user 

4 interface. 

1 20. A system according to claim 19, wherein the 

2 content comprises a Web page. 

1 21. A system according to claim 16, wherein the 

2 alternatives in the set of rules include programs that may 

3 be executed via the content. 

1 22. A system according to claim 16, wherein the 

2 alternatives in the set of rules include individual images 

3 that may be incorporated into the content. 

1 23. A system according to claim 16, wherein the 

2 client (i) displays the content, and (ii) displays a 

3 certification along with the content, the certification 

4 indicating that the content has been certified. 

1 24. A system according to claim 16, wherein the 

2 content is not certified in a case that the information 

3 therein does not correspond to at least one. alternative. 

1 25 > A system according to claim 24, wherein, in a 

2 case that the content has not been certified, the server 

3 outputs a message indicating that the content has not been 

4 certified. 
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1 26. A system according to claim 25, wherein the 

2 server outputs the message to the client, and the client 

3 displays the message to a user. 

1 27. A system according to claim 26, wherein the 

2 client displays the content together with the message. 

1 28. A system according to claim 16, wherein each 

2 alternative in the set of rules corresponds to one of a 

3 plurality of certification levels; and 

4 wherein the issuing performed by the server 

5 comprises certifying the information in the content at one 

6 of the plurality of certification levels based on to which 

7 of the alternatives the information from the content 

8 corresponds. 

1 29. A system according to claim 28, wherein the 

2 plurality of certification levels include "high" indicating 

3 a high degree of reliability, "medium" indicating a 

4 relatively lower degree of reliability, and "low 0 indicating 

5 a low degree of reliability. 

1 3 0. A system according to claim 16, wherein the 

2 determining performed by the server can be performed either 

3 before, during or after an assembly of the content. 

1 31. A computer program stored on a computer- 

2 readable medium to certify computer-generated content, the 

3 computer program comprising: 

4 code to store a set of rules that contains 

5 alternatives for information that may be included in the 

6 content ; 
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7 code to determine whether information in the content 

8 corresponds to at least one of the alternatives contained in 

9 the set of rules; and 

10 code to issue a certification confirming the 

11 validity of the content in a case that the information 

12 corresponds to at least one alternative. 

1 32. A computer program according to claim 31, 

2 wherein the content is generated dynamically from plural 

3 elements of information. 

1 33. A computer program according to claim 32, 

2 wherein the determining code determines whether the plural 

3 elements of information correspond to the alternatives. 

1 34. A computer program according to claim 33 , 

2 wherein the set of rules is stored on a central server and 

3 the content is generated based, at least in part, on a user 

4 input to a client of the central server. 

1 35. A computer program according to claim 34, 

2 wherein the content comprises a Web page; and 

3 wherein the elements of information are obtained in 

4 response to user inputs on the Web page. 

1 36. A computer program according to claim 31, 

2 wherein the alternatives in the set of rules include 

3 programs that may be executed via the content. 

1 37. A computer program according to claim 31, 

2 wherein the alternatives in the set of rules include 

3 individual images that may be incorporated into the content. 
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38- A computer program according to claim 31, 
further comprising: 

code to output the content; and 
code to output a certification along with the 
content, the certification indicating that the content has 
been certified. 

39. A computer program according to claim 31, 
wherein the information in the content is not certified in a 
case that the information therein does not correspond to at 
4 least one alternative. 

1 40. A computer program according to claim 39, 

2 further comprising code to output a message indicating that 

3 the content has not been certified in a case that the 

4 content has not been certified. 

1 41. A computer program according to claim 40, 

2 wherein the outputting code outputs the message to a user. 

1 42. A computer program according to claim 41, 

2 wherein the outputting code outputs the content together 

3 with the message. 

1 43. A computer program according to claim 31, 

2 wherein each alternative in the set of rules corresponds to 

3 one of a plurality of certification levels; and 

4 wherein the issuing code certifies the information 

5 in the content at one of the plurality of certification 

6 levels based on to which of the alternatives the information 

7 in the content .corresponds . 
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1 44. A computer program according to claim 43, 

2 wherein the plurality of certification levels include "high" 

3 indicating a high degree of reliability, "medium" indicating 

4 a relatively lower degree of reliability, and "low" 

5 indicating a low degree of reliability. 

1 45. A computer program according to claim 31, 

2 wherein the determining code executes either before, during 

3 or after an assembly of the content. 
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□ IMAGE CUT OFF AT TOP, BOTTOM OR SIDES 

□ FADED TEXT OR DRAWING 

□ BLURRED OR ILLEGIBLE TEXT OR DRAWING 

□ SKEWED/SLANTED IMAGES 

□ COLOR OR BLACK AND WHITE PHOTOGRAPHS 

□ GRAY SCALE DOCUMENTS 

OPINES OR MARKS ON ORIGINAL DOCUMENT 

□ REFERENCE(S) OR EXHIBIT(S) SUBMITTED ARE POOR QUALITY 

□ OTHER: 

IMAGES ARE BEST AVAILABLE COPY. 
As rescanning these documents will not correct the image 
problems checked, please do not report these problems to 
the IFW Image Problem Mailbox. 



